Hardware crypto with Geode LX based ALIX board
I've been using an Alix 2d13 machine as a home router for quite some
time now - uptime was 158 days today. The board has a 500MHz AMD Geode
LX800 CPU, which can do AES crypto in hardware.
Today, I've found time to play with the glxsb(4) driver, and got some
numbers:

The command "openssl speed -evp aes-128-cbc -elapsed" was run each time, in the first case with
glxsb(4) disabled (boot -c, disable glxsb), in the second case
with the driver enabled.

Still, I find those numbers interesting in comparison to those of a
Soekris 5501, esp. as the machines have the same CPU & clock rate.

I couldn't find a way to switch use of hardware crypto off in
software, anyone got a hint? openssl(1)'s "-engine cryptodev" seems
to always use hardware crypto when it's there, and leaving out
that switch uses the same engine, so no difference.
I've found a few sysctls under kern.*, but apparently none seems
relevant to my goal (not to speak of the lack of documentation...)

NetBSD on Soekris net5501 - AMD Geode LX AES crypto performance
Jared McNeill has worked on getting support for the AES/RNG security block
found in the AMD Geode LX family of processors, which in turn can be found
on e.g. Soekris net5501 machines. The code was ported from OpenBSD, see his
posting to tech-crypto for some numbers:

The numbers were obtained by running
"openssl speed -evp aes-128-cbc -elapsed" for the "swcrypto"
case that uses the CPU for the crypto operation, and
"openssl speed -evp aes-128-cbc -elapsed -engine cryptodev"
for the "hwcrypto" case that uses the crypto(4) routines. For a list
of crypto engines available, run "openssl engine".

Noteworthy details in the above numbers are that the throughput
for swcrypto remains mostly constant regardless of the
blocksize, while the throughput for small blocks in the hwcrypto
case is rather mediocre. The reason for this is that the crypto hardware
requires some setup overhead, which adds up when using small blocks.
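
The setup-overhead effect described above can be quantified from the two "openssl speed" summary lines. The following is an added example, not part of the original post: the sample figures are constructed, and the cost model (a fixed per-request setup time plus a constant streaming bandwidth) is an assumption.

```python
# Constructed `openssl speed` summary lines (illustrative values only,
# not measurements from this page). Columns are 1000s of bytes/second.
SIZES = [16, 64, 256, 1024, 8192]
SW = "aes-128-cbc       5900.00k     6000.00k     6050.00k     6050.00k     6000.00k"
HW = "aes-128-cbc        784.31k     2962.96k     9696.97k    22456.14k    36441.28k"


def parse(line):
    """Return bytes/second per block size from one summary line."""
    fields = line.split()[1:]          # drop the cipher name
    return [float(f.rstrip("k")) * 1000 for f in fields]


def fit_overhead(sizes, rates):
    """Least-squares fit of time-per-request t(n) = t0 + n / bw.

    Assumed model: a fixed setup cost t0 per request plus streaming at
    a constant bandwidth bw. Returns (t0 in seconds, bw in bytes/s).
    """
    times = [n / r for n, r in zip(sizes, rates)]
    k = len(sizes)
    mean_n, mean_t = sum(sizes) / k, sum(times) / k
    slope = (sum((n - mean_n) * (t - mean_t) for n, t in zip(sizes, times))
             / sum((n - mean_n) ** 2 for n in sizes))
    return mean_t - slope * mean_n, 1 / slope


def crossover(sw_rate, t0, bw):
    """Block size above which the hardware path beats software, or None."""
    if bw <= sw_rate:
        return None                    # hardware never catches up
    return sw_rate * t0 / (1 - sw_rate / bw)


def analyse(sw_line=SW, hw_line=HW, sizes=SIZES):
    sw = parse(sw_line)
    sw_rate = sum(sw) / len(sw)        # software is roughly flat: use the mean
    t0, bw = fit_overhead(sizes, parse(hw_line))
    return sw_rate, t0, bw, crossover(sw_rate, t0, bw)


if __name__ == "__main__":
    sw_rate, t0, bw, n = analyse()
    print(f"software: {sw_rate / 1e6:.1f} MB/s flat")
    print(f"hardware: {t0 * 1e6:.1f} us setup, {bw / 1e6:.1f} MB/s streaming")
    print(f"hardware wins above ~{n:.0f}-byte blocks")
```

Replace SW and HW with the summary lines from your own two runs; a crossover well above the typical request size of a workload means the offload is not helping it.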

A remaining mystery is how to tell ssh(1)/sshd(1) what crypto engine
to use... anyone got details?